Re: [secdir] secdir review of draft-ietf-lisp-mib

"Adrian Farrel" <adrian@olddog.co.uk> Thu, 20 June 2013 21:58 UTC

From: Adrian Farrel <adrian@olddog.co.uk>
To: 'Warren Kumari' <warren@kumari.net>, iesg@ietf.org, secdir@ietf.org, draft-ietf-lisp-mib.all@tools.ietf.org
Date: Thu, 20 Jun 2013 22:58:20 +0100
Message-ID: <090501ce6e01$4779cb70$d66d6250$@olddog.co.uk>

although...

      lispMIBTuningParametersGroup OBJECT-GROUP
          OBJECTS { lispFeaturesMapCacheLimit,
                    lispFeaturesEtrMapCacheTtl
                  }
          STATUS  current
          DESCRIPTION
                  "A collection of writeable objects used to
                   configure LISP behavior and to tune performance."
          ::= { lispGroups 10 }

...might lead one to think that something here is writeable.

Adrian


> -----Original Message-----
> From: iesg-bounces@ietf.org [mailto:iesg-bounces@ietf.org] On Behalf Of
> Warren Kumari
> Sent: 20 June 2013 19:26
> To: iesg@ietf.org; secdir@ietf.org; draft-ietf-lisp-mib.all@tools.ietf.org
> Cc: Warren Kumari
> Subject: secdir review of draft-ietf-lisp-mib
> 
> Be ye not afraid..
> 
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG.  These comments were written primarily for the benefit of the
> security area directors.  Document editors and WG chairs should treat
> these comments just like any other last call comments.
> 
> This draft defines a MIB for monitoring LISP devices.
> This set off the standard "Nooooo. SNMP Write. Noooo.." alarm bells, but
> then I skipped down to the Security Considerations section and saw that the
> authors had anticipated my shrieks of despair and that the draft says that
> there are no read-write / read-create objects.
> 
> The Security Considerations section seems well written and complete. It makes
> a suggestion that SNMPv3, with crypto goodness, be used to access this MIB.
> It also claims that there are no exposed objects in the MIB that are considered
> sensitive. I don't LISP, and so don't know what all might be considered
> sensitive, but from reading most of the descriptions, and applying some
> common sense, the claim seems reasonable.
> 
> -----------
> 
> Two questions / nits:
> 1: The DESCRIPTION for 'lispMIBTuningParametersGroup' says: "A collection of
> writeable objects used to." but these seem Read-only. It is possible I
> misunderstand the description.
> 
> 2: The Security Considerations section points out that SNMP prior to V3
> doesn't have adequate security, and that there is no control over who can
> GET/**SET** things (emphasis mine). I suspect that this was lifted verbatim
> from e.g. http://tools.ietf.org/html/rfc5834.
> 
> As there is no set / write in this MIB I think that removing the mention of
> setting things would be clearer.
> s/to access and GET/SET (read/change/create/delete) the objects/to access the
> objects/
> 
> 
> Apologies for how late this review is. I was filtering the SecDir assignments
> into an incorrect folder and so missed it completely.
> 
> W
> 
> 
> 
> 
> --
> Some people are like Slinkies......Not really good for anything but they still
> bring a smile to your face when you push them down the stairs.
>
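A quick lint, added here as an example and not part of the thread or the draft, for the two things the review above checks: any read-write / read-create objects that would contradict a "no writeable objects" claim in the Security Considerations, and an OBJECT-GROUP whose DESCRIPTION says "writeable" while every member's MAX-ACCESS is read-only. The MIB fragment is constructed: the object and group names are the ones quoted in the thread, but the MAX-ACCESS values and the object DESCRIPTION strings are assumed.

```python
import re
# Constructed SMIv2 fragment around the group quoted in the thread. Object names
# come from the review; MAX-ACCESS values and object DESCRIPTIONs are assumed.
SAMPLE_MIB = """\
lispFeaturesMapCacheLimit OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    DESCRIPTION "Assumed text: map-cache entry limit."
    ::= { lispFeatures 1 }

lispFeaturesEtrMapCacheTtl OBJECT-TYPE
    SYNTAX      Unsigned32
    MAX-ACCESS  read-only
    DESCRIPTION "Assumed text: TTL advertised by the ETR."
    ::= { lispFeatures 2 }

lispMIBTuningParametersGroup OBJECT-GROUP
    OBJECTS { lispFeaturesMapCacheLimit,
              lispFeaturesEtrMapCacheTtl }
    STATUS  current
    DESCRIPTION
            "A collection of writeable objects used to
             configure LISP behavior and to tune performance."
    ::= { lispGroups 10 }
"""
# Rough regex lint, not a full SMIv2 parser: enough for a review pass.
OBJ_RE = re.compile(r"(\w+)\s+OBJECT-TYPE.*?MAX-ACCESS\s+([\w-]+)", re.S)
GRP_RE = re.compile(r"(\w+)\s+OBJECT-GROUP\s+OBJECTS\s*\{([^}]*)\}"
                    r".*?DESCRIPTION\s*\"([^\"]*)\"", re.S)
WRITABLE = {"read-write", "read-create"}

def max_access(mib_text):
    """Map each OBJECT-TYPE name to its MAX-ACCESS clause."""
    return dict(OBJ_RE.findall(mib_text))

def writable_objects(mib_text):
    """Objects that contradict a 'no read-write / read-create objects' claim."""
    return sorted(n for n, a in max_access(mib_text).items() if a in WRITABLE)

def mismatched_groups(mib_text):
    """Groups whose DESCRIPTION says 'writeable' but whose members are all read-only."""
    access = max_access(mib_text)
    bad = []
    for grp, members, desc in GRP_RE.findall(mib_text):
        names = [m.strip() for m in members.split(",") if m.strip()]
        writes = any(access.get(n) in WRITABLE for n in names)
        if re.search(r"writ(e)?able", desc, re.I) and not writes:
            bad.append(grp)
    return bad
```

Run against a whole module, `writable_objects` gives the list a reviewer compares with the Security Considerations text, and `mismatched_groups` flags exactly the nit raised in the review.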